PT-2005-3309 · Mozilla · Firefox
Dori Eldar
·
Published
2005-07-27
·
Updated
2017-07-11
·
CVE-2005-2395
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 1.0.4 through 1.0.5
Description
The issue is related to the authentication scheme used by the browser. According to the description, the browser does not choose the challenge with the strongest authentication scheme available as required by RFC2617. This might cause credentials to be sent in plaintext even if an encrypted channel is available.
Recommendations
For Mozilla Firefox versions 1.0.4 through 1.0.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Firefox